10.02.2008 13:46

Installing Trendmicro Interscan Viruswall 6 (ISVW6) on Debian 4.0

Today I upgraded one of my customers ISVW5 for SMB installations to the new ISVW6 (namely ISVW_v6.02_7672_release.tar.gz). Of course - as always - Trendmicro doesn't officialy support Debian as host operating system and therefore you need to make some changes to your Debian system to make this combination work. I'll summarize the necessary changes here for your convenience but I don't know if it's a complete summary, by now, everything seems to work with the new version but there might be additional pitfalls I've not stumbled in by now, so if you experience troubles, please drop me a comment here or write me an e-mail and I'll have a look.

First of all, when upgrading from ISVW5 to ISVW6, make sure to either backup your ISVW5 configuration using the migration script or choose the upgrade method during the setup. Due to my paranoia I chose to manually backup the settings just to be sure in case the setup script wouldn't work - I suggest you do this too.

Now, your current configuration should be safe and you might want to continue
the installation process.

Before you do so, you should prepare some things. First of all, you should add the following library locations to your ldconfig configuration. On Debian, this is usually achieved by adding a file called "/etc/ld.so.conf.d/trendmicro.conf" with the following contents:

This file can also be downloaded from here, check the links at the end of this article.
I recognized that ISVW installs some libraries also available on standard Debian systems into these directories, e.g. libgssapi_krb5.so.2 a.s.o, so you need to make sure that your system's libraries are used primarily on your system by adding the paths "/lib/" and "/usr/lib" at the beginning of "/etc/ld.so.conf".

As these directories aren't populated by now (ISVW6 has not been installed yet) it is pointless to run `ldconfig` now. The installer should do this automatically after the installation has finished.

Next, make sure the `awk` binary can be called by "/bin/awk" and the `basename` binary can be called by "/bin/basename". This was a tough one to find out, I had to dig through quite some `strace` output to get an idea about why my diskspace seems to be insufficient :-/
The webui uses the hardcoded path "/bin/awk" to parse the `df -P -k /opt/trend/isvw6` output to gain information about the free disk space on your machine. If /bin/awk is not available you cannot manage your ISVW installation through the webinterface and will receive the following error message in your webbrowser:

Use the following command to make a symlink to Debian's default installation path:

ln -s /usr/bin/awk /bin/awk
ln -s /usr/bin/basename /bin/basename

After installation the startup script "/etc/init.d/isvw6" uses the `usleep` command to delay the startup of particular ISVW processes. Needless to say, `usleep` isn't available on Debian systems so you either need to rewrite /etc/init.d/isvw6 or create a usleep wrapper script. I decided to implement the latter because you never know whereelse they're using usleep, so here's an example of a simple usleep wrapper script that calls sleep with the re-calculated delay (copy this script to /bin/usleep and make it executable):

This script can be downloaded from here, check the links at the end of this article.

Now your system should be prepared and it is safe to run the setup script. Please follow the Getting Started Guide for detailed information about the installation procedure.

./setup.sh

After the installation completed successfully, stop the ISVW services, run `ldconfig` to make sure the library cache gets updated, apply a small patch to /etc/init.d/isvw6 to avoid warnings of deprecated `tail` usage and start the services again: